You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by pmaks <pi...@live.com> on 2011/04/27 13:03:50 UTC
Use shiro in wicket application
Hi All,
I've a very basic question, how to start using shiro in a wicket
application. I've searched on net, but I couldn't find any guide on this
topic. Please help me with any good urls.
Thanks
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Use-shiro-in-wicket-application-tp6309015p6309015.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Use shiro in wicket application
Posted by armandoxxx <ar...@dropchop.com>.
copy paste from shiro.ini
[main]
myRealmCredentialsMatcher =
org.apache.shiro.authc.credential.SimpleCredentialsMatcher
myRealm = my.package.security.shiro.MyRealm
myRealm.credentialsMatcher = $dropchopRealmCredentialsMatcher
myRealm impl
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final
AuthenticationToken theToken) {
UsernamePasswordToken upToken = (UsernamePasswordToken) theToken;
SecurityController securityController =
controllerFactory.getController(SecurityController.class); //!!!!!! MY
CUSTOM DAO TO LOAD USERS FROM DATABASE !!!!!!
Principal user = null;
try {
user = securityController.loadUserByLoginName(upToken.getUsername());
} catch (InvalidDataException idEx) {
throw new AuthenticationException(idEx);
} catch (ResourceException rEx) {
throw new AuthenticationException(rEx);
}
if (user == null) {
throw new AuthenticationException("Login name [" + upToken.getUsername()
+ "] not found!");
}
log.info("Found user with username {}", upToken.getUsername());
return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final
PrincipalCollection thePrincipals) {
Set<String> roles = new HashSet<String>();
Set<Permission> permissions = new HashSet<Permission>();
Collection<Principal> principalsList =
thePrincipals.byType(Principal.class);
SecurityController securityController =
controllerFactory.getController(SecurityController.class); // !!!! MY CUSTOM
DAO TO LOAD USER STUFF FROM !!!
if (principalsList.isEmpty()) {
throw new AuthorizationException("Empty principals list!");
}
for (Principal userPrincipal : principalsList) {
try {
Principal user = securityController.loadById(Principal.class,
userPrincipal.getUuid()); //!!! CUSTOM DAO LOADING CODE !!!!
if (user == null) {
throw new AuthorizationException("Unable to find user by principal id
[" + String.valueOf(userPrincipal.getUuid()) + "]");
}
Set<Role> userRoles = user.getRoles();
log.debug("Using roles [{}] info for [{}] principal", new
Object[]{userRoles, user});
for (Role role : userRoles) {
roles.add(role.getName());
Set<WildcardPermission> userPermissions = role.getPermissions();
log.debug("Using role [{}] permissions [{}]", new Object[]{role,
userPermissions});
permissions.addAll(userPermissions);
}
} catch (InvalidDataException idEx) {
throw new AuthorizationException(idEx);
} catch (ResourceException rEx) {
throw new AuthorizationException(rEx);
}
}
log.info("Loaded authorization info for [{}] principals",
principalsList.size());
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
info.setRoles(roles);
info.setObjectPermissions(permissions);
return info;
}
did this helped ?
Regards
Armando
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Use-shiro-in-wicket-application-tp6309015p6313164.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Use shiro in wicket application
Posted by pmaks <pi...@live.com>.
Thanks for the reply Armando, But I'm still not clear about shiro.ini entries
(realm, login page etc..). Can you please show me a sample shiro.ini for
wicket.
Thanks a lot
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Use-shiro-in-wicket-application-tp6309015p6309453.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Use shiro in wicket application
Posted by armandoxxx <ar...@dropchop.com>.
Well how i did it ...
Added shiro as a filter in web.xml
Created 3 pages (BasePage, AuthPage and NotAllowedPage)
BasePage has login form so user can login (Login form component methods do
the login with shiro)
if login is successful user is redirected to AuthPage and is shown
components ...
if not NotAllowedPage is displayed.
/**
* on login form submitted.
*/
@Override
public void onSubmit() {
String username = loginNameField.getModelObject();
String password = passwordField.getModelObject();
//!!!!!!! Wrapper for SHIRO STUFF !!!!!!!!
MySecurityController security =
((MyApplication)this.getApplication()).getSecurityGuard();
try {
security.login(username, password);
this.getRequestCycle().setRedirect(true);
this.setResponsePage(instanceOfMyAuthPage);
} catch (Exception e) {
LOG.info("Error on login !", e);
}
}
in SHIRO Wrapper controller
/**
* Login user if user is not authenticated yet!
*
* @param loginName login name.
* @param password password.
*
* @throws org.apache.shiro.authc.AuthenticationException if any other
error occurs.
*/
public void login(final String loginName, final String password) {
Subject currentUser = SecurityUtils.getSubject();
if (!currentUser.isAuthenticated()) {
UsernamePasswordToken token = new UsernamePasswordToken(loginName,
password);
token.setRememberMe(false);
currentUser.login(token);
}
}
Any better ideas appreciated !
Regards
Armando
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Use-shiro-in-wicket-application-tp6309015p6309057.html
Sent from the Shiro User mailing list archive at Nabble.com.